Threat and Vulnerability Intelligence Database


CVE-2024-22494

Description: A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.

CVSS: MEDIUM (5.4)

EPSS Score: 0.08%

SSVC Exploitation: poc

Source: CVE
June 3rd, 2025 (5 days ago)

CVE-2024-22492

Description: A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.

CVSS: MEDIUM (5.4)

EPSS Score: 0.12%

SSVC Exploitation: poc

Source: CVE
June 3rd, 2025 (5 days ago)

CVE-2024-22368

Description: The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.

CVSS: MEDIUM (5.5)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
June 3rd, 2025 (5 days ago)

CVE-2024-22028

Description: An insufficient technical documentation issue exists in all firmware versions of the thermal camera TMC series. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the internal data.

CVSS: MEDIUM (4.6)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
June 3rd, 2025 (5 days ago)

CVE-2024-21738

Description: SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.

CVSS: MEDIUM (4.1)

EPSS Score: 0.2%

SSVC Exploitation: none

Source: CVE
June 3rd, 2025 (5 days ago)

CVE-2024-21732

Description: FlyCms through abbaa5a allows XSS via the permission management feature.

CVSS: MEDIUM (6.1)

EPSS Score: 0.12%

SSVC Exploitation: poc

Source: CVE
June 3rd, 2025 (5 days ago)

CVE-2024-21666

Description: The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when reaching the `/admin/customermanagementframework/duplicates/list` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. Unauthorized user(s) can access PII data from customers. This vulnerability has been patched in version 4.0.6.

CVSS: MEDIUM (6.5)

EPSS Score: 0.01%

SSVC Exploitation: poc

Source: CVE
June 3rd, 2025 (5 days ago)

CVE-2024-21655

Description: Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched in 3.1.4 and 3.2.0.beta4.

CVSS: MEDIUM (4.3)

EPSS Score: 0.09%

SSVC Exploitation: none

Source: CVE
June 3rd, 2025 (5 days ago)

CVE-2024-21647

Description: Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. This vulnerability has been fixed in versions 6.4.2 and 5.6.8.

CVSS: MEDIUM (5.9)

EPSS Score: 1.79%

SSVC Exploitation: none

Source: CVE
June 3rd, 2025 (5 days ago)

CVE-2024-21597

Description: An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context. This issue affects Juniper Networks Junos OS on MX Series: all versions earlier than 20.4R3-S9; 21.2 versions earlier than 21.2R3-S3; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3; 22.2 versions earlier than 22.2R3; 22.3 versions earlier than 22.3R2.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
June 3rd, 2025 (5 days ago)